App methods now return errors that allow not-found cases to be distinguished.

1 files changed, 11 insertions, 4 deletions

diff --git a/src/repo/login/extract.rs b/src/repo/login/extract.rs
index a068bc0..a45a1cd 100644
--- a/src/repo/login/extract.rs
+++ b/src/repo/login/extract.rs
@@ -5,7 +5,12 @@ use axum::{
 };
 
 use super::Login;
-use crate::{app::App, clock::RequestedAt, error::InternalError, login::extract::IdentityToken};
+use crate::{
+    app::App,
+    clock::RequestedAt,
+    error::InternalError,
+    login::{app::ValidateError, extract::IdentityToken},
+};
 
 #[async_trait::async_trait]
 impl FromRequestParts<App> for Login {
@@ -22,9 +27,11 @@ impl FromRequestParts<App> for Login {
         let secret = identity_token.secret().ok_or(LoginError::Unauthorized)?;
 
         let app = State::<App>::from_request_parts(parts, state).await?;
-        let login = app.logins().validate(secret, used_at).await?;
-
-        login.ok_or(LoginError::Unauthorized)
+        match app.logins().validate(secret, used_at).await {
+            Ok(login) => Ok(login),
+            Err(ValidateError::InvalidToken) => Err(LoginError::Unauthorized),
+            Err(other) => Err(other.into()),
+        }
     }
 }